[Webkit-unassigned] [Bug 182924] New: Potential privacy issue: DNS prefetching can be re-enabled
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Mon Feb 19 05:40:34 PST 2018
https://bugs.webkit.org/show_bug.cgi?id=182924
Bug ID: 182924
Summary: Potential privacy issue: DNS prefetching can be
re-enabled
Product: WebKit
Version: Other
Hardware: Unspecified
OS: Unspecified
Status: NEW
Severity: Normal
Priority: P2
Component: WebCore Misc.
Assignee: webkit-unassigned at lists.webkit.org
Reporter: jens.a.mueller+webkit at rub.de
In the scope of academic research we systematically analyzed various email clients for `web bugs' -- 1x1 pixel images in HTML emails used by spammers to track if their mails to a certain address are actually read. To respect the privacy of their customers most email clients, by default, block external content like images in HTML emails. This can be bypassed on Trojitá and Evolution by re-enabling DNS prefetching within the HTML email itself:
<meta http-equiv="x-dns-prefetch-control" content="on">
<a href="http://tracking-id.attacker.com"></a>
The related bug reports can be found here:
https://bugs.kde.org/show_bug.cgi?id=390452
https://bugzilla.gnome.org/show_bug.cgi?id=793449
Both mail clients use WebKit to render HTML emails, so it may actually be a WebKit issue and should be fixed here.
For the testing the mail clients we used Debian GNU/Linux 9.3 with:
- libwebkit2gtk-4.0-37:amd64 (version 2.16.6+0+deb9u1)
- libqt5webkit5:amd64 (version 5.7.1+dfsg-1)
--
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20180219/685fa8ee/attachment-0001.html>
More information about the webkit-unassigned
mailing list